There is nothing that feels more inevitable to me (barring regulatory barriers) than tech giants eventually playing a significant role in the payment space. To a slightly lesser degree, I am also starting to believe that traditional merchant acquirers will cease to exist without business model transformation and that networks like Visa and MasterCard will increasingly broaden their scope and subsume some of the functions that are currently offered by merchant acquirers.
In hindsight, the thoughts I wanted to lay out ended up being a three part series.
In part 1 – The Coming Ecosystem War Over Your Wallet and Payments – I argued that tech was entering payments because in a world of walled gardens, it is now the last channel that allows one ecosystem to collect data from another ecosystem. The point of payments is no longer money but data.
In part 2 – Payments and Loyalty – I argued that tech was entering payments because with (mostly) everyone online now, the game is shifting to user retention and user loyalty. Payments is a natural conduit for loyalty programs because many people already engage with credit card loyalty programs from traditional financial services providers.
In part 3, I am going to argue that tech is going to win payments because the changing structure of the payments value chain means tech is best positioned where it matters most – Identity management.
Historically, the credit card value chain looks like this:

Source: How Credit Card Transactions Work by Darren Smith
The chain involves multiple parties. On one side you have the issuing bank that issues the credit card to the customer / user. For example, Chase issues someone a Chase Sapphire Reserve credit card. Credit cards are usually issued under a specific network such as Visa or MasterCard. When that customer goes to a merchant and swipes the card, the card information is handled by the merchant’s merchant acquirer. The merchant acquirer helps the merchant figure out what to do with the card information and request payment. The merchant acquirer does this by connecting with the card network (e.g. Visa). Visa then hands off the information to the issuing bank. Visa therefore allows a stranger (you, the customer) to connect with the merchant’s bank and facilitate payment.
All parties are critical in this chain. Without the issuer, you would not have a card to use. Without the merchant acquirer, the merchant would not know how to process your credit card and request payment. And without the network, the merchant acquirer would not know which issuer bank to connect to.
For many years, credit cards were the dominant form of digital payments but the manner in which credit cards were used were largely non-digital.
Credit cards were mostly used offline. But even when credit cards were used online, the process of facilitating the transaction followed very much a non-digital mindset.
Merchant acquirers allowed merchants to accept digital payments but were very much run as a non-digital / traditional sales job. Sales people go to stores physically to convince merchants to use the merchant acquirer’s credit card machine. And these credit card machines generally do not do anything other than take the card number and figure out which network to connect to. What the machine does is technically doable by hand and telephone.
And even for a companies as dominant as Visa and MasterCard, the networks largely also operated with fairly non-digital mindsets. The networks are first and foremost a network between all the banks and nothing more. In the same way that the job of a merchant acquirer could be replicated by hand and telephone, the networks basically only operated as the phone book connecting merchant acquirers with issuing banks.
What I mean by non-digital mindset is that none of these players other than the issuing bank operated their businesses with any consideration for the single thing that has come to define the digital world – data.
The merchant acquirer traditionally gathered no information on the customer. The sole job was to get the card number and send it to the right place.
The networks, also surprisingly, never gathered any data at all other than the card number and transaction value. This is likely the primary reason why Visa has not faced a major security breach. The information that a hacker would get is quite limited.
In fact almost all of the useful information is held at the bank. The bank simultaneously knows your financial situation, your creditworthiness, your purchases and behavior (e.g. Chase has a better understand of whether you would make a large purchase at Nieman Marcus or whether your card has been hacked), and most importantly, your identity. The bank is ultimately responsible for confirming your identity at card issuance for money laundering law purposes (KYC – “Know Your Customer” regulations) as well as confirming your identity for each transaction.
If we analyze this prevailing system, it’s clear that there are really three things going on and that needs to happen in order for this system to work:
1/ Physically enabling the transactions (e.g. giving customer cards to use and giving merchants credit card machines).
2/ Have regulatory and legal access to the financial system to move money around in order to settle payments.
3/ Gather and manage data and verify identities.
The undercurrent that is leading to slow but seismic tectonic shifts beneath the industry is all because of #3.
In the last 20 years, our world has become increasingly digital. And with COVID-19, that trend has accelerated. The process of digitization has pushed more and more of our data into the arms of the internet giants. Capital Flywheels would wager that the internet giants can more easily identify a random stranger than a bank or even the US government. And this has major implications for the evolution of the card payments industry.
With more data, the internet giants will have a greater understanding of your purchasing behavior. This in conjunction with greater technological capability to implement sophisticated security measures like tokenization (i.e. generating a single-use card number every time you swipe the card so that if someone steals your card number it is not usable for fraud purposes) allows them to get a foot in the door by offering services that help reduce fraud. This is exactly how Apple Pay got the banks to cooperate with them – by implementing tokenization to help banks reduce fraud. Apple Pay’s de facto linkage to your phone secured by Touch ID or Face ID makes Apple Pay much more secure than a signature at purchase. Signatures can be riffed but Touch ID and Face ID are much harder to fool.
Not only does superior identity management allow internet giants to slowly take power away from the card issuing banks, but data and identity management allow internet giants to get a foot in the door in the merchant side.
Historically merchants had limited information on customers. To solve that problem merchants would issue their own private label credit cards (remember, the issuer is the one with all the data…if a merchant wants that data, they therefore need to issue the card). There was once a golden age for private label cards, but that age is long gone since most card users now prefer general use cards (mostly with travel or cash back rewards). The usage of Macy’s credit card, for example, has declined over the years. In addition to data, one of the primary benefits of private label cards was the power of the loyalty program that ran on top of it. People using private label cards would generate loyalty points that would bring them back. With the death of private label cards, loyalty programs were forced to be separated into their own tools (e.g. airline loyalty programs, which are not tied to any specific card although there are still airline branded cards that generate loyalty points).
While these loyalty programs did the job, they lack data. The merchant can only see what you buy from that specific merchant. Macy’s can only see what you buy from Macy’s because people are unlikely to use their Macy’s card at Target or Walmart anymore. Unlike private label credit cards that allow that merchant to see what you buy from other merchants, it means the loyalty programs have become less competitive.
The internet giants are now capitalizing on that vacuum. Card payment players that started with a digital mindset like PayPal and Square already are leveraging their datasets to work with merchants to provide targeted promotions to create user loyalty. This data is only available because digital first merchant acquirers like PayPal and Square actually gather data across merchants unlike traditional offline merchant acquirers. And if you extrapolate into the future, is there any doubt that Apple, Google, Amazon, Facebook and other internet giants cannot play this data game better once they see the value of payments?
The physical aspects of facilitating payments and the physical aspects of moving money around will remain the domain of the traditional players. But the growing importance of data and identity management are squarely the domain of the internet giants. This is why the internet giants are making moves into payments and why Capital Flywheels believe they will win. It all comes down to data, loyalty, and identity.
7 thoughts on “Part 3 – Payments and Identity”
Comments are closed.